
mixerapi / mixerapi-dev / 7434143287

06 Jan 2024 09:54PM UTC coverage: 94.68% (-1.1%) from 95.793%
7434143287

Pull #141

github

web-flow
Merge 4d1f37519 into 39576a822
Pull Request #141: CakePHP 5 support

961 of 1015 relevant lines covered (94.68%)

4.4 hits per line


69.81
/plugins/jwt-auth/src/Configuration/Configuration.php
<?php
declare(strict_types=1);

namespace MixerApi\JwtAuth\Configuration;

use Cake\Core\Configure;
use MixerApi\JwtAuth\Exception\JwtAuthException;

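/**
 * Reads and validates the `MixerApi.JwtAuth` configuration.
 *
 * The constructor fails closed: a missing config, an algorithm outside the
 * allow-list, a short HMAC secret, or an unparseable / non-RSA / undersized
 * public key all raise a JwtAuthException before any value is stored.
 */
class Configuration
{
    /**
     * Allowed algorithms. Any configured `alg` outside this list (for example
     * `none`) is rejected by the constructor.
     *
     * @var string[]
     */
    public const ALG = ['RS256', 'RS512', 'HS256', 'HS512'];

    /**
     * Minimum HMAC secret length, measured in bytes with strlen(). Length is
     * not entropy: a long but guessable passphrase still passes this check.
     *
     * NOTE(review): RFC 7518 section 3.2 requires an HMAC key at least as long
     * as the hash output, i.e. 64 bytes for HS512. This single minimum is
     * applied to both HS256 and HS512; consider a per-algorithm minimum.
     *
     * @var int Required size of HMAC secret
     */
    private const SECRET_LENGTH = 32;

    /**
     * @var int Required RSA key size in bits
     */
    private const RSA_KEY_LENGTH = 2048;

    /**
     * Signing algorithm
     *
     * @see Configuration::ALG
     * @var string
     */
    private string $alg;

    /**
     * Required for the HMAC algorithms (HS256 and HS512); stays null for RSA.
     *
     * @var string|null
     */
    private ?string $secret = null;

    /**
     * @var \MixerApi\JwtAuth\Configuration\KeyPair[]
     */
    private array $keyPairs = [];

    /**
     * @param \Cake\Core\Configure|null $configure Cake Configure instance
     * @throws \MixerApi\JwtAuth\Exception\JwtAuthException
     */
    public function __construct(?Configure $configure = null)
    {
        $config = ($configure ?? new Configure())::read('MixerApi.JwtAuth');
        // Anything that is not an array (null included) cannot be indexed below.
        if (!is_array($config)) {
            throw new JwtAuthException(
                'Invalid configuration. Could not read MixerApi.JwtAuth config.'
            );
        }

        // A missing `alg` becomes '' and is rejected by the allow-list check.
        $this->alg = strtoupper((string)($config['alg'] ?? ''));
        if (!in_array($this->alg, self::ALG, true)) {
            throw new JwtAuthException(
                "Invalid configuration. Alg `$this->alg` is either invalid, unsupported or unknown. " .
                'The value of `MixerApi.JwtAuth.alg` must be one of: ' . implode(', ', self::ALG)
            );
        }

        if (str_starts_with(haystack: $this->alg, needle: 'HS')) {
            if (empty($config['secret']) || !is_string($config['secret'])) {
                throw new JwtAuthException(
                    'Invalid configuration. `MixerApi.JwtAuth.secret` is a required string when using HMAC.'
                );
            }
            if (strlen($config['secret']) < self::SECRET_LENGTH) {
                throw new JwtAuthException(
                    sprintf(
                        'HMAC secret must be >= %s characters, but yours is %s ' .
                        ' characters. Increase the length of your MixerApi.JwtAuth.secret',
                        self::SECRET_LENGTH,
                        strlen($config['secret'])
                    )
                );
            }
            $this->secret = $config['secret'];
        } elseif (str_starts_with(haystack: $this->alg, needle: 'RS')) {
            if (empty($config['keys']) || !is_array($config['keys'])) {
                throw new JwtAuthException(
                    'Invalid configuration. `MixerApi.JwtAuth.keys` must contain keys when using RSA.'
                );
            }

            foreach ($config['keys'] as $key) {
                $this->keyPairs[] = $this->buildKeyPair($key);
            }
        }
    }

    /**
     * Builds one KeyPair from a `MixerApi.JwtAuth.keys` entry and validates its public key.
     *
     * Only the public half is inspected here; the private key is not parsed or
     * matched against the public key by this class.
     *
     * @param mixed $key One entry of the `keys` config; spread into the KeyPair constructor.
     * @return \MixerApi\JwtAuth\Configuration\KeyPair
     * @throws \MixerApi\JwtAuth\Exception\JwtAuthException
     */
    private function buildKeyPair(mixed $key): KeyPair
    {
        if (!is_array($key)) {
            throw new JwtAuthException(
                'Invalid configuration. Each entry of `MixerApi.JwtAuth.keys` must be an array.'
            );
        }

        $keyPair = new KeyPair(...$key);

        // openssl_pkey_get_public() returns false for unparseable input. Passing
        // that on would surface as a TypeError instead of a configuration error.
        $res = openssl_pkey_get_public($keyPair->public);
        if ($res === false) {
            throw new JwtAuthException(
                'Invalid configuration. A public key in `MixerApi.JwtAuth.keys` could not be parsed.'
            );
        }

        // The bit count alone does not prove the key is RSA, so check the type too.
        $detail = openssl_pkey_get_details($res);
        if ($detail === false || ($detail['type'] ?? null) !== OPENSSL_KEYTYPE_RSA) {
            throw new JwtAuthException(
                'Invalid configuration. Keys in `MixerApi.JwtAuth.keys` must be RSA keys when using RSA.'
            );
        }

        if ($detail['bits'] < self::RSA_KEY_LENGTH) {
            throw new JwtAuthException(
                sprintf(
                    'Invalid configuration. RSA keys must be at least %s bits, but yours is %s. ' .
                    'Please generate stronger keys.',
                    self::RSA_KEY_LENGTH,
                    $detail['bits']
                )
            );
        }

        return $keyPair;
    }

    /**
     * @return string The validated algorithm, upper-cased, always one of self::ALG.
     */
    public function getAlg(): string
    {
        return $this->alg;
    }

    /**
     * Returns the raw HMAC secret, or null when an RSA algorithm is configured.
     * Callers should keep the value out of logs and error output.
     *
     * @return string|null
     */
    public function getSecret(): ?string
    {
        return $this->secret;
    }

    /**
     * @return \MixerApi\JwtAuth\Configuration\KeyPair[] Empty when an HMAC algorithm is configured.
     */
    public function getKeyPairs(): array
    {
        return $this->keyPairs;
    }

    /**
     * Return a specific key
     *
     * The comparison is strict and the first match wins; duplicate kids in the
     * configuration are not detected by this class. Callers must treat a null
     * result as "unknown key" and reject the token rather than fall back to
     * another key.
     *
     * @param string $kid The kid to search for.
     * @return \MixerApi\JwtAuth\Configuration\KeyPair|null
     */
    public function getKeyPairByKid(string $kid): ?KeyPair
    {
        foreach ($this->keyPairs as $keyPair) {
            if ($keyPair->kid === $kid) {
                return $keyPair;
            }
        }

        return null;
    }
}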